The Moral of the Ashley-Madison Story

9.7 gigabytes of information from 37 million or so cheaters is out there right now: data of people who cheated on their spouses or partners at least once, or at least tried to, made public thanks to the hacking group known as the Impact Team. That data was taken from the online cheating website Ashley Madison. Yes, the one that says “Because Life Is Short, Try Cheating”. That website was hacked by the Impact Team in the noble attempt to shut it down and stop the spread of adultery.

With that much data, TV networks could probably run year-long reality or talk shows discussing famous celebrities who may be on that list. Celebrity Cheats. Philandering Personalities. Partners are probably playing “Where’s Waldo”, trying to look for their partners after downloading the data, at least the computer-savvy ones. Woe to him or her whose name comes up. More than 30 million families and relationships could be broken by this mess, but that’s a gamble the Impact Team is willing to take in their fight against the spread of adultery online. They never asked for money in exchange for keeping the data to themselves. They just wanted the site to shut down. They threatened to release the data if the site didn’t shut down, but Ashley Madison called their bluff. The hackers weren’t bluffing. Now the data is out for all who are familiar with torrents to see.

Ashley-Madison could at least have suspended their operations in light of the threat in order to protect their customers, whose personal and other relationships could be put in jeopardy. Their customers will have problems not only at home but also elsewhere that matters. Besties will ignore their friends’ infidelity and might even show support, but others might not be so forgiving: neighbors, colleagues and even the boss, that is, if they make the unlikely effort to scan 9.7 gigabytes of data. Ashley-Madison could have protected their customers from the start by adding encryption to their data and beefing up security, which is paramount to sites and services of their nature. Some porn sites are probably doing a better job.

Aside from getting outed as cheaters, Ashley-Madison members have a bigger problem. Their credit card information is included in the file, probably including their birth dates and real-world addresses to boot, which is by now being harvested by thousands of identity theft professionals. That is, unless they had the sense to falsify their addresses when they registered and cancelled their credit cards the moment the hacking news first broke. Even if their partners and friends aren’t computer-savvy enough to scan the Ashley-Madison data, there are others who can, such as nosy neighbors or people who think they can get money out of blackmail.

All those cheaters have probably learned something by now: stay in singles bars and keep their infidelity offline. So, will website owners or the internet learn anything from the Ashley Madison hacking mess? Will the owners of similar websites, such as Tinder and Down, do the same? Websites such as Ashley-Madison, and any e-commerce website for that matter, should know that security is paramount not just for themselves, but for their users. Whether these websites trade using credit cards, bitcoins or wire transfer, they deal with other people’s money, and often identity thieves only need a bank account or credit card number to rob people blind. Any hacker worth the same salt as the Impact Team can easily rob commercial websites with the same infrastructure as Ashley-Madison.

The least website owners can do is add a level of encryption to their data, so that if the data is copied outside the company, as happened with the Office of Personnel Management, it will be next to useless unless the hackers can hack the encryption as well. If, for example, they use a database such as MS SQL Server or MySQL, their data should be hashed except maybe for some key fields. Also, again, as I wrote before in the WordPress piece:

The website host should be secure, not just the website itself.

Website owners who host their own sites should invest in a good hardware firewall and anti-viral security.

Keep their systems updated and properly patched.

Logins should be more secure. For instance, website owners should require their members to log in using the mix of at-least-eight-digit-uppercase-lowercase-number-symbol-blood-of-virgin password standard. Such a precaution is necessary since users can’t be trusted with coming up with passwords.

Speaking of passwords, login tries should be limited, and the passwords for both users and administrators should be changed after a set period of time.

Website owners should dump the Admin/Administrator/Localuser/User1 login names to give hackers a more difficult time accessing their systems.

…and avoid displaying the version names of the development platforms they used.
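
The login rules in this list, together with the hashing advice above, combined in one place as an added example (not code from Ashley-Madison or from the WordPress piece). The try limit, lockout length, 90-day password age, the PBKDF2 work factor and the names `Accounts`, `policy_errors` and `derive` are assumptions made for illustration.

```python
import hashlib, hmac, os, re, time

# Assumed values: the article names the rules but gives no numbers beyond "eight".
RESERVED = {"admin", "administrator", "localuser", "user1"}
MAX_TRIES, LOCK_SECONDS, MAX_AGE = 5, 900, 90 * 86400
ITERATIONS = 600_000  # PBKDF2-HMAC-SHA256 work factor (assumed)

def policy_errors(username, password):
    """Return every rule the proposed credentials break (empty list = accepted)."""
    errors = []
    if username.lower() in RESERVED:
        errors.append("reserved username")
    if len(password) < 8:
        errors.append("shorter than 8 characters")
    classes = (("uppercase", r"[A-Z]"), ("lowercase", r"[a-z]"),
               ("digit", r"[0-9]"), ("symbol", r"[^A-Za-z0-9]"))
    errors += [f"missing {name}" for name, pat in classes if not re.search(pat, password)]
    return errors

def derive(password, salt):
    """Salted, slow one-way hash, so a copied table does not directly expose passwords."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

class Accounts:
    def __init__(self, clock=time.time):
        self.users, self.clock = {}, clock       # clock is injectable for testing

    def register(self, username, password):
        errors = policy_errors(username, password)
        if errors:
            raise ValueError("; ".join(errors))
        salt = os.urandom(16)                    # unique salt per account
        self.users[username] = {"salt": salt, "hash": derive(password, salt),
                                "fails": 0, "locked_until": 0.0, "set_at": self.clock()}

    def login(self, username, password):
        user, now = self.users.get(username), self.clock()
        if user is None:
            return "denied"
        if now < user["locked_until"]:
            return "locked"                      # no hash work while locked out
        if not hmac.compare_digest(derive(password, user["salt"]), user["hash"]):
            user["fails"] += 1
            if user["fails"] >= MAX_TRIES:       # limit login tries
                user["locked_until"], user["fails"] = now + LOCK_SECONDS, 0
            return "denied"
        user["fails"] = 0
        return "expired" if now - user["set_at"] > MAX_AGE else "ok"  # forced rotation
```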

These security measures apply to other platforms aside from WordPress. While we can’t dissuade sexually adventurous people from engaging in illicit activities made easier by the internet, nor tell people not to engage in businesses that cater to sexually adventurous people, the real moral of the Ashley-Madison mess lies with security. Security that Ashley-Madison may not have taken seriously. The company now faces multiple lawsuits. Its CEO has now stepped down and the company’s reputation is now close to nil. What of its clientele? There won’t be a shortage of bored housewives, disenfranchised husbands and sexually active neglected spouses anytime soon. This mess will only make them think twice before signing up to similar services, which will probably be more secure and ready to take over what’s left of Ashley-Madison.